From 19d725a92054741c76b07fba5c768154f5801122 Mon Sep 17 00:00:00 2001
From: Bryan Joshua Pedini <bryan@pedini.dev>
Date: Fri, 31 Jan 2025 16:11:05 +0100
Subject: [PATCH] added sshd config playbook

---
 sshd-config.yml               |  9 +++++++++
 tasks/general/sshd-config.yml | 13 +++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 sshd-config.yml
 create mode 100644 tasks/general/sshd-config.yml

diff --git a/sshd-config.yml b/sshd-config.yml
new file mode 100644
index 0000000..36c6f67
--- /dev/null
+++ b/sshd-config.yml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+  become: true
+  tasks:
+    - import_tasks: tasks/general/sshd-config.yml
+    - import_tasks: tasks/debian-general/restart-ssh-service.yml
+      when: ansible_facts["os_family"] == "Debian"
+    - import_tasks: tasks/rhel-general/restart-ssh-service.yml
+      when: ansible_facts["os_family"] == "RedHat"
diff --git a/tasks/general/sshd-config.yml b/tasks/general/sshd-config.yml
new file mode 100644
index 0000000..c654cc1
--- /dev/null
+++ b/tasks/general/sshd-config.yml
@@ -0,0 +1,13 @@
+---
+- name: Ensure the TCPKeepAlive option is uncommented and set to yes
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^#?TCPKeepAlive"
+    line: "TCPKeepAlive yes"
+    state: present
+- name: Ensure the ClientAliveInterval option is uncommented and set to 10 seconds
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^#?ClientAliveInterval"
+    line: "ClientAliveInterval 10"
+    state: present